Ok, here we go again..=20 For those who are having trouble with kod, alot of you are using a very = old version which was the first i submitted. inserted is the lastest version which should work. I wrote kod.c aka = cherrycoke.c about 3-4 months ago.=20 It sends a fragmented igmp packet to a windows client that states that = it is not fragmented but there are more frags to come windows assembles the packets and dies trying. Here is a dump of the = packet if you want to rewrite it. /* output via tcpdump or windump95 63.66.66.44 > 24.128.158.18: igmp-2 [v0][|igmp] (frag 52242:1480@0+) = (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@1480+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@2960+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@4440+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@5920+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@7400+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@8880+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@10360+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@11840+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@13320+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:1480@14800+) (ttl 128) 63.66.66.44 > 24.128.158.18: (frag 52242:120@16280) (ttl 128) */ ::notice the last frag it changed length.. I have also ported kod to windows and please email me if you want a copy = of it. As far as I can tell due to my exaustive research on the subject it = works on 95/98/98se/2k(some betas) Friends of mine such as defile/nyt/ignitor/etc have rewritten kod to = suit there needs.. I have tested kod.c out alot on many machines and it works 85% of the = time for me. There are circumstances to why kod doesn't always work, some routers my = drop igmp packets if the source isn't local so try spoofing =3D). As far as I can see netcom = and alot of .ca servers drop the kod packets. So please dont bark at me =3D) I just found the bug, wrote the code and = what you do with it is your concern =3D). Patch: (no hotfix currently) If you want to protect yourself from kod.c I suggest you get winroute = from www.winroute.com get version 4.. It automatically drops igmp packets incoming and = outgoing ha =3D) It is also a very good portmapper/NAT firewall/ip masqer as well.. Shoutouts: = amputee/ignitor/nizda/antibyte/codelogic/ill`/chord/cheesebal/traveler/wi= nx/naz/dist/mrcide/etc... (gotta give shoutouts) hasta, klepto@Efnet or kleptoat_private de omnibus dubitandum
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:24 PDT